The fundamental insecurity of the internet

The entire global economy relies on a world wide web that began in 1991 at the European Organization for Nuclear Research (CERN) as a way to share files between networked computers.

The world wide web was designed for collaboration between scientists. Security was not part of the original design.

Security was also not intrinsic to the network that web pages rely on.

The foundation of the internet came largely from pioneering work at the Pentagon – who funded a packet-switched network called ARPANET. The goal was to build a redundant network to allow research institutions, government agencies and the military to collaborate, even if large parts of the network were disrupted (say in the case of nuclear attack). The first ARPANET message was sent in 1969, and the network remained in place until 1990.

Computer scientists Vinton Cerf and Robert Kahn attempted to build encryption technology into the TCP/IP protocol that was used on the network, but were blocked by the US National Security Agency because the technology was classified.

“We never got to production code”

– Vinton Cerf, TCP/IP developer

That first 1991 CERN webpage grew to 10 websites by 1992. By 1994 there were 3,000 websites listed in “Jerry and David’s Guide to the World Wide Web” (which became Yahoo).

And of course over the next 10 years we would see entire industries created with global commerce giants like Amazon, payment processors like PayPal, social media giants like Facebook and giant data and digital advertisers like Google. And of course disrupters like Airbnb, Uber and Netflix.

All built on beta technology.

Security is an illusion

So we have a global, digitalized economy running on a vulnerable foundation.

And to add to this, a growing digital storm is being created by a combination of increasing technology innovation (including AI) and increasing dependence on the technology.

Some of the top threats to look out for in 2025 are:

• ransomware
• poisoning data used to train AI models (adversarial AI)
• supply chain
• reputational attacks on corporate leaders

And as the old saying goes, good guys must protect against every possible vulnerability, while the bad guys only need to be successful once.

Digital Resilience is the goal

With 29% of global organizations suffering a successful cyber attack last year (according to Davos 2024), the key is to build resiliency so that an organization can maintain critical and highly-important digital services in the face of attack. And also during recovery from attack.

Resilient organizations understand that cybersecurity as a siloed IT function does not work; they need to make resilience a critical business function that impacts the entire company across the core pillars of:

• Data privacy
• Compliance
• Cybersecurity
• Risk Management
• Business Continuity Planning

At Neon Onion, we understand that digital resilience grows in layers and this understanding allows us to guide you on each step of your digital resilience journey through our comprehensive service offerings.